The WiseLendingDeclaration contract assumes that the FeeManager of the system will possess the 0 NFT ID of the PositionNFTs contract, however, this is not guaranteed and findings in PositionNFTs within the audit have shown that the 0 NFT ID may not even exist.
Impact:
As there are multiple ways to compromise what token ID will be minted by the DeclarationsFeeManager of FeeManager, a misconfigured FEE_MANAGER_NFT can cause significant misbehaviours in the ultimate WiseLending implementation.
Example:
uint256 constant FEE_MANAGER_NFT = 0;
Recommendation:
We advise the code to set the FEE_MANAGER_NFT in the contract's WiseLendingDeclaration::constructor and to set the variable as immutable, retaining almost an identical gas cost to constant whilst representing the correct token ID.
vm06007
commented
1 year ago
WLD-02M: Insecure Assumption of NFT Acquisition
Description:
The
WiseLendingDeclarationcontract assumes that theFeeManagerof the system will possess the0NFT ID of thePositionNFTscontract, however, this is not guaranteed and findings inPositionNFTswithin the audit have shown that the0NFT ID may not even exist.Impact:
As there are multiple ways to compromise what token ID will be minted by the
DeclarationsFeeManagerofFeeManager, a misconfiguredFEE_MANAGER_NFTcan cause significant misbehaviours in the ultimateWiseLendingimplementation.Example:
Recommendation:
We advise the code to set the
FEE_MANAGER_NFTin the contract'sWiseLendingDeclaration::constructorand to set the variable asimmutable, retaining almost an identical gas cost toconstantwhilst representing the correct token ID.Alternatively, the value may be set by the
WiseLendingDeclaration::setSecurityfunction to a normal contract-level variable.